Logo gray

The intersection of the GDPR and competition law: insights from the meta platforms case

In a landmark judgment on 4 July 2023, the European Court of Justice (ECJ) delivered a significant ruling in the Meta Platforms case, shedding light on the intricate relationship between data protection rules and competition law. This ruling represents the culmination of a saga that began with a 2019 decision by the German Federal Cartel Office (Bundeskartellamt), requiring Facebook (now Meta) to cease combining user data from various sources beyond its social network. The ECJ established that a national competition authority can find, in the context of the examination of abuse of a dominant position, that the GDPR has been infringed.

The case eventually made its way to the ECJ, with the Düsseldorf Court seeking clarification on whether national competition authorities could assess the consistency of personal data processing with the General Data Protection Regulation (GDPR) in abuse of dominance investigations under EU competition law. The ECJ's affirmative response expanded the scope of EU competition law to encompass data protection considerations.

The ECJ's judgment underscores the significance of data protection standards in competition law. While acknowledging the distinct functions of data protection and competition authorities, the ECJ affirmed that national competition authorities are not precluded from evaluating GDPR compliance within the context of abuse of dominance investigations. The ECJ recognized that access to personal data has become a crucial factor in the digital economy's competitive landscape, emphasizing that ignoring GDPR rules would undermine the effectiveness of EU competition law.

However, the ECJ adopted a more cautious stance regarding the reciprocal influence of competition concepts on data protection law. While it acknowledged the relevance of a dominant firm's position in determining the validity of user consent, the Court refrained from rendering consent invalid solely based on dominance. Instead, it focused on GDPR provisions, such as the requirement for users to freely refuse consent for non-essential data processing, making it challenging for dominant companies to obtain valid consent for extensive data processing.

One noteworthy aspect of the judgment is the framework established by the Court for cooperation between data protection and competition authorities, given the absence of specific EU rules in this regard. Relying on the duty of sincere cooperation under the Treaty on the European Union, the ECJ mandated that competition authorities must consult and cooperate sincerely with data protection authorities to ensure GDPR compliance while safeguarding its effectiveness. This cooperative framework involves consultation, cooperation, and timely responses between the two regulatory bodies.

The Meta Platforms case serves as a milestone in the integration of data protection and competition law, confirming the legitimacy of competition authorities considering GDPR violations in abuse of dominance cases. While the judgment sets a precedent for assessing data processing by dominant firms, it also leaves room for further clarification and coordination between competition and data protection authorities in future cases. The evolving landscape of digital competition and privacy will undoubtedly continue to challenge regulators, necessitating ongoing collaboration to strike a balance between competition and data protection objectives.